The “Kneber” BotNet

Yesterday, February 18th, 2010, NetWitness Corporation announced that its analyst had discovered a dangerous new ZeuS botnet affecting 75,000 systems in 2,500 organizations around the world. The newly-discovered botnet, referred to as the “Kneber botnet” after the username linking the infected systems worldwide, collects login credentials to online financial systems, social networking sites and email systems from infected computers and reports the information to evildoers who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities.

NetWitness discovered this particular botnet in January during a routine deployment of one of their systems. Further investigation uncovered extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, plus 2,000 SSL certificate files and dossier-level data sets on individuals, including complete dumps of entire identities from victim machines.

Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division, said, “While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet. These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe. Conventional malware protection and signature-based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats. Organizations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks.”

“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” stated Alex Cox, the Principal Analyst at NetWitness responsible for uncovering the Kneber-bot, “but that viewpoint is naive. When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS and consider more diverse mission objectives.”

Over half the machines infected with Kneber were also infected with Waledac, a peer-to-peer botnet. The coexistence of ZeuS and Waledac suggests the goals of resilience and survivability and potential deeper cross-crew collaboration in the criminal underground.

“NetWitness enables the discovery of malicious code like Kneber – before things get critical and valuable data is lost,” said Cox. “It is 100% certain that many organizations have no idea they are victimized by these types of problems because they’re just not tooled to see them on their networks. The Kneber botnet is just one category of advanced threat that organizations have been facing the past few years that they are still largely ignorant or blind to today.”

This botnet is believed to have been operating undiscovered for the last 18 months.

To download a copy of the NetWitness Kneber whitepaper, visit http://www.netwitness.com.

The Wall Street Journal also wrote an article regarding this: http://online.wsj.com/article/SB10001424052748704398804575071103834150536.html

Oracle Completes Sun Microsystems Acquisition

I somehow lost track of this news item since the initial announcement of Oracle’s intent to acquire Sun Microsystems came out. I know when the news was first announced, I was a little concerned about what the impact of such an acquisition could mean for Sun’s open technologies such as Java and, more importantly to me and many Open Source Software advocates, MySQL and OpenOffice.

Yesterday (January 27th, 2010), I received the press release announcing that Oracle had finally completed the Sun Microsystems acquisition. While I will not include the press release in its entirety, I will include the most important parts (in my opinion):

“…our open standards-based technology will give customers choice. Customers can purchase our fully integrated systems, or easily integrate our best-of-breed technologies with their existing environments. Our open technology also enables customers to take full advantage of third party innovations.”

“We are very excited about this combination and look forward to delivering to you increased innovation through accelerated investment in Sun’s hardware and software technologies such as SPARC, Solaris, Java, and MySQL.”

“This combination transforms the IT industry. With the addition of servers, storage, SPARC processors, the Solaris operating system, Java, and the MySQL database to Oracle’s portfolio of database, middleware, and business applications, we plan to engineer and deliver open and integrated systems—from applications to disk—where all the pieces fit and work together out of the box. Each layer of the stack will be architected to improve performance, leverage innovation and centralize management so that IT will be more predictable, more supportable, and more secure. Customers will benefit as their system performance, reliability and security goes up and their system integration and management costs go down.”

More information, including product strategy, and replay of the 1/27 live webcast including Larry Ellison and other executives from Oracle and Sun can be found at oracle.com/sun.

So, a sigh of relief for now. It looks as though Oracle intends to continue to support and remain a contributor to the open source projects, as well as offer commercial licensing options for those that prefer to have commercial support and updates. I will follow up with additional posts regarding some of the compelling and emerging solutions and technologies that Oracle+Sun are and will be offering.

Have a great day!

Is IT the right cut?

Hello and season’s greetings!

Welcome to Kemp Solutions, where we attempt to make sense out of technology for you. Today we will discuss the challenges that businesses, both small and large, face during the current economic conditions here in the United States.

Our great nation was founded on the principles of capitalism, which encourage free enterprise and business competition. During an economic downturn, the competition can become a tougher challenge due to market conditions – smaller market due to smaller budgets, project freezes, business closures, etc. Many companies seal the hatches, stopping all growth and cutting budgets to the bare minimum in the hopes to “weather the storm”. The key mistake by many companies is they overlook the benefits of technology refreshes and investments in their Information Systems, and how this can actually save & earn them money by reducing operational costs, creating efficiencies, and giving them the competitive advantage that just may win them business over their competitors. Companies make this same mistake as it pertains to marketing by slashing marketing budgets that are key to keeping their company first and foremost in the minds of their market!

I would urge business owners to invest in a technology and business process assessment to determine if their business can benefit from a technology upgrade or implementation. For a small initial investment, business owners can at least be well informed of the technology options available to their business, and their financial impact. An existing business can use this information to streamline their business through a technology engagement, or an entrepreneur can use this information to help build a sound business plan for a new venture.

Technology can sometimes be intimidating, especially for those that are not very comfortable with it, or long-standing businesses that have managed to avoid its adoption in their business until now. It must be said that technology is not the answer to all business and certainly can never replace people in high touch businesses, but applied in the right amount, to the right areas, technology can have a positive impact on virtually any business.

Making Technology Make Sense

Kemp Solutions is a technology consulting and outsourcing firm specializing in the design, management, audit, and assessment of company information technology, systems, and security.

At Kemp Solutions we don't buy into the "one size fits all" philosophy when it comes to technology solutions. We look at your current business processes, technology, and sales/service goals, and recommend the right size solution that fits within your budget. If you don't have the expertise or budget to manage the technology, we can manage it for you at competitive rates, or assist you in hiring the right person to manage and support your company's information systems.